1. Field of the Invention
The field of the invention relates to computer systems and computer networks, and more particularly, to systems and methods for detecting content of computer and network traffic.
2. Background of the Invention
The generation and spreading of computer viruses are major problems in computer systems and computer networks. A computer virus is a program that is capable of attaching to other programs or sets of computer instructions, replicating itself, and/or performing unsolicited or malicious actions on a computer system. Viruses may be embedded in email attachments, files downloaded from Internet, and macros in MS Office files. The damage that can be done by a computer virus may range from mild interference with a program, such as a display of unsolicited messages or graphics, to complete destruction of data on a user's hard drive or server.
To provide protection from viruses, most organizations have installed virus scanning software on computers in their network. However, these organizations may still be vulnerable to a virus attack until every host in their network has received updated anti-virus software. With new attacks reported almost weekly, organizations are constantly exposed to virus attacks, and spend significant resources ensuring that all hosts are constantly updated with new anti-virus information. Furthermore, anti-virus programs that operate at the application-level require enormous computing resources, making such anti-virus programs expensive to deploy and manage.
Besides virus attacks, many organizations also face the challenge of dealing with inappropriate content, such as email spam, misuse of networks in the form of browsing or downloading inappropriate content, and use of the network for non-productive tasks. Many organizations are struggling to control access to appropriate content without unduly restricting access to legitimate material and services. Currently, the most popular solution for blocking unwanted web activity is to block access to a list of banned or blacklisted web sites and pages based on their URLs. However, such approach may be unnecessarily restrictive, preventing access to valid content in web sites that may contain only a limited amount of undesirable material. As with virus scanning, the list of blocked URLs requires constant updating.
Many email spam elimination systems also use blacklists to eliminate unwanted email messages. These systems match incoming email messages against a list of mail servers that have been pre-identified to be spam hosts, and prevent user access of messages from these servers. However, spammers often launch email spam from different hosts every time, making it difficult to maintain a list of spam servers.
Accordingly, improved systems and methods for detecting content of computer and network traffic would be useful.